You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a merchant has a token-on-file and requests a cryptogram for a subsequent transaction, they have the option of requesting the cryptogram through a backend integration, or throught payment request API via the token-cryptogram payment method.
The token itself may have domain controls on it meaning that only the original token requestor can request subsequent cryptograms.
If the token requestor was a payment handler (browser or third party) this means reusing the same one for subsequent transactions. This may not raise issues generally, but the question has come up: what happens if the user does not have the same piece of software (e.g., the first transaction took place from a home computer, and subsequent transactions might happen from a work computer)? Do people think that is an important use case (for version 1 of this specification)?
If the token requestor was the merchant, this creates some opportunities for greater flexibility (at least in theory) - the user might be able to use a broader set of browsers and/or payment handlers, provided those software agents can speak to the TSP that minted the original token.
The text was updated successfully, but these errors were encountered:
When a merchant has a token-on-file and requests a cryptogram for a subsequent transaction, they have the option of requesting the cryptogram through a backend integration, or throught payment request API via the token-cryptogram payment method.
The token itself may have domain controls on it meaning that only the original token requestor can request subsequent cryptograms.
If the token requestor was a payment handler (browser or third party) this means reusing the same one for subsequent transactions. This may not raise issues generally, but the question has come up: what happens if the user does not have the same piece of software (e.g., the first transaction took place from a home computer, and subsequent transactions might happen from a work computer)? Do people think that is an important use case (for version 1 of this specification)?
If the token requestor was the merchant, this creates some opportunities for greater flexibility (at least in theory) - the user might be able to use a broader set of browsers and/or payment handlers, provided those software agents can speak to the TSP that minted the original token.
The text was updated successfully, but these errors were encountered: